Threat Feed

Real-time intelligence on supply chain attacks and 0-days from across the internet.

Critical 10
High 1
Medium 0
Low 0
Total 11
IOCs 62
Sources 40
Severity Type Title Ecosystem Published Confidence IOCs Action
Critical
vulnerability_exploit
CVE-2026-0300: Stack-Based Buffer Overflow in PAN-OS User-ID Portal
Critical pre-authentication RCE in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300). Allows root access via specially crafted HTTP POST requests. Actively exploited.
HP
firmware
PAN-OS
1m ago high 2
High
vulnerability_exploit
CVE-2026-42897: Microsoft Exchange OWA High-Severity XSS
High-severity cross-site scripting (XSS) vulnerability in Microsoft Exchange Server's Outlook Web Access (OWA). Allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser session via a malicious email, leading to session hijacking and unauthorized mailbox access.
HP
microsoft_exchange
Exchange Server
3h ago high 1
Critical
Supply Chain
AntV npm packages hit by Mini Shai-Hulud supply-chain wave
May 19, 2026 AntV-related npm compromise involving abused publication rights, optional GitHub dependency droppers, Bun lifecycle execution, CI and developer credential theft, project tooling persistence, and provenance-abuse risk.
npm
npm
echarts-for-react
8h ago High 14
Critical
Supply Chain
node-ipc npm maintainer account abuse publishes credential-stealing releases
Malicious node-ipc releases 9.1.6, 9.2.3, and 12.0.1 abused npm package trust to steal developer and CI/CD secrets through import-time execution and DNS exfiltration.
npm
npm
node-ipc
33h ago High 5
Critical
Supply Chain
Axios npm maintainer compromise delivers cross-platform RAT
Compromised Axios releases 1.14.1 and 0.30.4 added the malicious plain-crypto-js dependency to fetch cross-platform RAT payloads.
npm
npm
Axios HTTP client
33h ago High 8
Critical
Supply Chain
Typosquatted npm packages backdoor Claude Code sessions with SessionStart hooks
Five typosquatted npm packages installed a hidden ELF under .claude and registered it as a Claude Code SessionStart hook, turning package installation into repeated execution when affected projects open.
npm
npm
auth-javascript
33h ago High 9
Critical
Supply Chain
Malicious @bitwarden/cli npm package steals developer and cloud credentials
Typosquatted @bitwarden/cli@2026.4.0 targeted developer workstations and CI/CD pipelines, harvesting secrets and attempting worm-like propagation.
npm
npm
Bitwarden CLI
33h ago High 4
Critical
Supply Chain
Checkmarx Jenkins AST plugin compromised via marketplace release
Malicious Checkmarx Jenkins AST plugin 2026.5.09 was available through the Jenkins Marketplace and executed through normal plugin lifecycle hooks.
HP
Jenkins Marketplace
Jenkins AST Scanner plugin
33h ago High 6
Critical
Supply Chain
Mini Shai-Hulud compromises npm and PyPI packages
Ongoing TeamPCP-linked campaign compromising npm and PyPI packages with credential-stealing payloads targeting developer and CI/CD secrets.
npm
npm
CAP / Cloud MTA Build Tool
33h ago High 5
Critical
Supply Chain
TeamPCP compromises Trivy and expands across security tooling
TeamPCP weaponized trusted Trivy distribution channels and related CI/CD tooling to harvest credentials and exfiltrate encrypted archives.
HP
Aqua Security
Trivy
33h ago High 6
Critical
vulnerability_exploit
Cisco SD-WAN Authentication Bypass (CVSS 10.0): CVE-2026-20182
Critical authentication bypass (CVSS 10.0) in Cisco Catalyst SD-WAN vdaemon service. Unauthenticated remote attackers can establish trusted control-plane connections by spoofing a vHub device type, leading to full administrative takeover via SSH key injection.
HP
firmware
Catalyst SD-WAN Controller
May 20 high 2